Fuzzing is an emerging technique to automatically validate programs and uncover bugs. It has been widely used to test many programs and has found thousands of security vulnerabilities. However, existing fuzzing efforts are mainly centered around Unix-like systems, as Windows imposes unique challenges for fuzzing: a closed-source ecosystem, the heavy use of graphical interfaces and the lack of fast process cloning machinery.

In this paper, we propose two solutions to address the challenges Windows fuzzing faces. Our system, WINNIE, first tries to synthesize a harness for the application, a simple program that directly invokes target functions, based on sample executions. It then tests the harness, instead of the original complicated program, using an efficient implementation of fork on Windows. Using these techniques, WINNIE can bypass irrelevant GUI code to test logic deep within the application. We used WINNIE to fuzz 59 closed-source Windows binaries, and it successfully generated valid fuzzing harnesses for all of them. In our evaluation, WINNIE can support 2.2x more programs than existing Windows fuzzers could, and identified 3.9x more program states and achieved 26.6x faster execution. In total, WINNIE found 61 unique bugs in 32 Windows binaries.

View More Papers

Vision-Based Two-Factor Authentication & Localization Scheme for Autonomous Vehicles

Anas Alsoliman, Marco Levorato, and Qi Alfred Chen (UC Irvine)

Read More

SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities...

Mikhail Shcherbakov (KTH Royal Institute of Technology), Musard Balliu (KTH Royal Institute of Technology)

Read More

Who's Hosting the Block Party? Studying Third-Party Blockage of...

Marius Steffens (CISPA Helmholtz Center for Information Security), Marius Musch (TU Braunschweig), Martin Johns (TU Braunschweig), Ben Stock (CISPA Helmholtz...

Read More

Effects of Precise and Imprecise Value-Set Analysis (VSA) Information...

Laura Matzen, Michelle A Leger, Geoffrey Reedy (Sandia National Laboratories)

Read More